CISO Platform's Posts (224)

Short Guide On Shadow IT

Not having a real-time view of your dynamic digital footprint and the risks it introduces leaves an organization in the dark, and the exposed information becomes low-hanging fruit that attackers can use to fuel their attacks. Understanding the impact of Shadow IT can be crucial.

What Will You Find In The Report? 

  • How Shadow IT Occurs

  • Some Analyst Statistics On Shadow IT

  • Key CISO Challenges

  • How Hackers Leverage Shadow IT (Few Examples)

  • Use Cases & Mitigation Strategies

>> Download The Complete Report

Read more…


The Forrester Wave™ guide on Web Application Firewalls, Q2 2018, is a detailed guide that helps you understand the 33 criteria developed by Forrester for evaluating web application firewall vendors, how to use a WAF effectively, and how the WAF vendors measure up.

In this evaluation, Forrester has identified the 10 most significant vendors: Akamai Technologies, Amazon Web Services, Barracuda Networks, Cloudflare, F5 Networks, Fortinet, Imperva, Positive Technologies, Radware and Rohde & Schwarz Cybersecurity. Forrester analysts have analysed, researched and scored them. This report shows how each measures up and helps security professionals make the right choice.

What Will You Find In The Report? 

  • An Understanding Of WAF & How To Use It Effectively

  • WAF Scorecard & Forrester Wave

  • How Each Of The WAF Vendors Measures Up

  • Which WAF Solution Is The Right Fit For Your Company & more

>> Download The Complete Report

Read more…

With the growing use of the internet, mobile applications, and the Internet of Things, applications have become ubiquitous, but their security is low key. Deploying an effective WAF is one of the baseline measures organizations can take to protect themselves from breaches and secure their customers.

This is a detailed 20-page guide that helps you understand the critical capabilities for evaluating a web application firewall. This report was created by FireCompass analysts along with the F5 Networks team. Organizations can customize this checklist based on their specific requirements.

What will you Find in the Report? 

  • Use Cases & Key Evaluation Parameters
     
  • Various Deployment Options
     
  • Evaluation Checklist for WAF

>> Download the Complete Report

Read more…

Security Technology Adoption Report 2018 is a study by CISO Platform in association with FireCompass. The survey was conducted online, and the results discussed in the report are based on the responses of CISOs across the country. There are more than 395 data points from across the country.

The key findings of the report include:

  • Emerging Technologies for Year 2018 like Cloud Access Security Broker, Behavioral Analytics, Threat Intelligence etc.

  • Implementation Status of some of the important technologies like Deception, Enterprise Mobility Management (EMM), Network Advanced Threat Protection (ATP) etc. 

  • Vertical Wise Implementation Status for IT Security Technologies. Report contains analysis of all major industries like BFSI, Manufacturing, IT/ITes, Public etc. 

>> Click Here to Download the Full Report

Read more…

The Deep Web is the part of the internet that cannot be accessed through standard search engines, that is, the pages that are not indexed in any way.

Top 3 Misconceptions About the Deep Web

Deep Web & Dark Web are the Same

The Dark Web is classified as a small portion of the Deep Web that has been intentionally hidden and is inaccessible through standard web browsers. Neither the Dark Web nor the Deep Web can be search-indexed, but large sections of the Deep Web, unlike the darknets that form the so-called Dark Web, do not need any special censor-resistant software for access. The Dark Web, on the other hand, can only be accessed through various platforms that allow anonymity, the best-known and most widely used of which is Tor. Other platforms like I2P and Freenet are also generally referred to as being parts of the Dark Web.

This is an Anonymous Platform

Amidst all the disturbing material found on the Dark Web, the fact remains that anonymous communication networks are a boon for many activists, reporters, researchers and whistle-blowers who simply need the anonymity, without which their lives and livelihoods may be in grave danger.

Deep Web is Only Used for Illegal Goods & Services

The Dark Web has fostered a thriving trade in all that is illegal and unacceptable in civil society. In their book Cryptopolitik and the Darknet, researchers Daniel Moore and Thomas Rid claimed that around 57% of the Dark Web includes illicit content. Yet a large part of the darknets manages to stay within legal and ethical boundaries for the most part. Tor hosts a vast majority of the websites on the Dark Web. The Deep Web is primarily infamous for drug dealing and assassin hiring, but on the other side of the coin, it is used by whistle-blowers, hacktivists and revolutionaries.

>> Hands-on workshop: Dark Web for Threat Intelligence @SACON Pune

What Can be Found in Deep Web?

The Deep Web includes, but is not limited to, the following:

  1. Multi-URL mega-databases that are too large for standard search engines to index.
  2. Records, certificates, name directories, library indexes & more
  3. Sensitive information like email IDs and passwords, and password-protected and members-only websites
  4. The back-end dashboard of any sort of individual account, whether it be banking, social platforms, email services, etc. This is only available after an account is logged into and accessed. Then, the URL changes to a private address accordingly.
  5. Two-party user-to-user communications or threads on social media, chat services, messaging platforms, etc.

There are several tools used for reaching these parts of the internet. The Tor (The Onion Router) project maintains the most popular tool for Dark Web access; its primary product is the Tor Browser. The .onion websites can be opened only through the Tor Browser. If you think you are completely anonymous, though, think again. Law enforcement routinely shuts down and prosecutes sites and people doing illegal things on the Dark Web. Tor is the preeminent anonymising platform in the virtual world, and has been recommended by various human rights organisations as a shield for activists and dissidents fighting oppressive regimes around the world. Cyber-security researchers are also known to use Tor to test firewalls and provide emergency DNS lookup services in case of DNS failures.

What Should a CISO be Concerned About?

Once a CISO is aware of what is available on the dark web, deep web or surface web, it is easier to take steps to defend and protect that data from being used by attackers. Any connection to or from the dark web within your company network can put you at risk (Dark Web Insider Threats).

  • Exposed DB Servers & S3 Buckets (due to misconfigurations etc.)
  • Exposed applications & websites, files & documents which are accessible
  • Exposed services like APIs, FTP Servers etc.
  • Personnel data which is available freely on the internet, including email addresses, phone numbers etc.

For more information on how to Discover & Map your Applications & Services which are publicly exposed on the internet, intentionally or unintentionally: Click Here

>> Hands-on workshop: Dark Web for Threat Intelligence @SACON Pune

Source: DarkWebNews Blog, FireCompass Shadow IT Page

Read more…

2018 started with our community meets for Security Priority Planning for 2018, and through our live survey we gathered some interesting insights. Technologies that are part of the Key Focus Area for a CISO in 2018 are Security Analytics, SOC Implementation/Upgradation, 3rd Party Risk Management, Awareness & Education, Vulnerability Management, Managing Advanced & Targeted Threats, Threat Intel Program, Incident Response Program, Cloud Virtualization, Privacy, Cyber Resilience & Cyber Drill, Application Security Testing, Red Teaming, API Security & more.

Top 10 CISO Focus in 2018 (Technology):

Top 3 CISO Focus in Technologies for 2018 (City Wise Comparison):

Read more…

Top 10 Emerging Security Technologies in 2018

Top 10 Emerging Technologies in 2018:

2018 started with our community meets for Security Priority Planning for 2018, and through our live survey we gathered some interesting insights. Most votes (in percentage) were for Network Behaviour Analytics, Security Orchestration, Cyber Risk Insurance, Secure DevOps & UEBA (User & Entity Behaviour Analytics). Technologies like MDR, Deception, Container Security, CASB (Cloud Access Security Broker), Isolation & Micro-Segmentation also got voted as Emerging Technologies in 2018.

Bikash Barai, co-founder of FireCompass, said: "Build your Security keeping in mind you will get hacked" ... "Typically people are over-invested in 'Prevention' ... you need to balance & shift your investment to 'detection & response'."

Top 5 Emerging Technologies (City wise Comparison):

Do share with your friends. Let us know your comments from the survey analysis.

Read more…

Enterprise mobility management suites connect mobile devices to enterprise workflows while supporting the perpetual growth in device numbers and types. Professionals responsible for mobile and endpoint strategies must maintain focus on near- and long-term goals in this dynamic segment.

>> Download the Complete Report

What's in the Report? 

  • Market definition / description
  • Magic Quadrant for Enterprise Mobility Management Suites
  • Vendor strengths & cautions
  • Evaluation Criteria

>>Download the Complete Report 

Read more…

Everybody has logs and that means that everybody ultimately will have to deal with them—if only because many regulatory mandates prescribe that. In this guide, Dr. Anton Chuvakin will analyze the relationship between SIEM and log management, focusing not only on the technical differences and different uses for these technologies but also on architecting their joint deployments. In addition, he will provide recommendations for companies that have deployed log management or SIEM so they can plot their roadmap for enhancing, optimizing and expanding their deployment. He will also recommend a roadmap for companies that have already deployed both of these technologies.

>> Download the Complete Report

What's in the Report? 

  • SIEM & Log Management defining features 
  • SIEM Vs Log Management
  • Use Cases & Technology Trends 

>> Download the Complete Report

 

Read more…

eBook : Deception 2.0 for Dummies

Deception is a very useful and effective tactic to detect and evade threats in many situations. The modern cybersecurity situation is one such example.

This book explains cybersecurity deception and its technologies in six short chapters.

>> Download the Complete eBook

Chapters:

  • How the modern cyber threat has evolved and how deception can break the cyberattack life cycle (Chapter 1)
  • Why prevention technologies alone aren’t enough to protect enterprise networks and how honeypots can help (Chapter 2)
  • Which innovations define advanced second-generation deception technologies (Chapter 3)
  • How to create an enterprise deception strategy (Chapter 4)
  • Where and how to deploy a deception architecture (Chapter 5)
  • What to look for in an effective deception solution (Chapter 6)

>> Download the Complete eBook

 

Read more…
Today buying has become more social, and buyers want to know what their peers and other buyers and users are saying about a product. FireCompass thinks it is indeed a great achievement when your buyers love your product, and we want to help you spread the word.
 


Launching Top Security Vendor Awards - Solely Based On User Reviews On FireCompass

  • We want to recognize the vendors that are highly rated by customers
  • We will felicitate the winners in front of India's biggest gathering of Security Decision Makers, SACON Bangalore (10-11 November, 2017)
  • We will also publish the report of the winners at the end of this year


How will Winners be Chosen?

  • The winners will be chosen based on # of reviews & overall rating @ FireCompass
  • The Vendor product must have 30+ reviews


What can Technology Providers Do to Win?

  • Encourage your customers to leave a review for your product at FireCompass
  • FireCompass users can log into FireCompass and write a review. OR Use the following shortcut to write reviews: Click here to write a review

FireCompass is an AI-based platform which helps to Discover & Compare 1000+ Cyber Security Products. For more details please click: www.firecopass.com

Read more…

Announcing Pre-registrations for the 4th edition of SACON - Security Architecture Conference in Bangalore on 10-11 November 2017.

Agenda Highlights: SACON 2017 aims to give an Overview of the Cyber Security Landscape, Emerging Security Technologies in the Market & How is the Security Landscape Shaping Up, Top Security Predictions for 2018, Cyber Security Procurement Workshop, Incident Response Workshop, Forensics, Security Architecture, Cyber Range Drills, Threat Hunting, Cloud & Smart Security, IOT, Forensics, AI &  Machine Learning, SecDevOps, Application Security, RASP, UBA ... & many more. To pre-register: https://www.sacon.io/

                                                             

SACON 2017: The International Conference on Security Architecture is the only security architecture conference in the region and attracts top security professionals from APAC and speakers from across the globe. The agenda for SACON includes a broad spectrum of Security Architecture sessions and hands-on workshops. The Conference will be held from November 10-11, 2017 at The Lalit Hotel, in Bangalore, India.

Security Architecture Conference started as a simple idea to grow the Information Security builder community. The 4th edition of SACON is organized by CISO Platform, the largest social collaboration platform exclusively for CISOs and senior information security executives with 60,000+ subscribers.

 

Security Architecture Tracks/Sessions:

Cyber Security Threats and Technology Trends

SACON is attended by a broad spectrum of security professionals, from top CXOs of Fortune 500 companies to application developers and security engineers. The content is specifically designed keeping the interests of these different audience groups in mind.

 

“Security Architecture Strategy” for CXOs: SACON 2017 aims to give an Overview of the Cyber Security Landscape for 2017, Top Security Predictions for 2018, Emerging Security Technologies in the Market & How is the Security Landscape Shaping Up, Understanding Business / Management & Communicating with the Board, Cyber Security Procurement Workshop ... & more

 

In-depth training for hands-on technology professionals: Workshop on Incident Response, Forensics, Security Architecture, Cyber Range Drills, Threat Hunting, Cloud & Smart Security, IOT, SecDevOps, AI & Machine Learning, Deception Technology, Application Security, RASP, SIEM, Honeypots, UBA ... & many more.

 

“If I hadn’t come, it would take another 2 to 3 years to learn and understand these tools” - SACON attendee

Security Technology Demo Zone to Showcase 50+ cutting edge security products

There will be a learning lab zone where technology providers create labs for participants to get trained on their products. The Demo Zone will showcase 50+ cutting edge security products & the innovations in cyber security.

 

 

Read more…

Ransomware Response Guide

The document is intended to be a guide for organizations faced with a ransomware infection. This guide is split into several sections, with the most critical and time-sensitive being in the initial response section. 

If you are currently experiencing a ransomware incident, it is highly recommended you immediately review the containment section below, and return to this section at a later time for an overall background of ransomware.

>>Download The Report

Why Read This Report?

  • Incident Lifecycle
  • Preparation, Detection, Analysis
  • Containment
  • Eradication, Recovery
  • Post Incident Activity

>>Download The Report

When a computer is infected with ransomware, the malware typically generates a very small amount of external network traffic. Upon infection, most versions/variants of ransomware utilize a Domain Generation Algorithm (DGA) to randomize the DNS requests they make to reach the command & control (C&C) server. This makes blacklisting the known domains much harder, since the malware will use the DGA to generate thousands of randomized domain names, of which one may be a legitimate domain used to connect to the C&C server. This initial contact with the C&C server is to enroll the computer with the C&C server and to obtain the public encryption key(s) it then uses to encrypt all the user’s files. Therefore, a memory dump or network traffic capture will do very little to help gain the necessary information to restore the files, since the private key that is needed to decrypt the files never exists on the victim computer. In the case of SamSam, there is no key exchange, as the public key (used to encrypt files) is included in the deployed package. However, as SamSam is introduced via traditional hacking activities, other indicators of compromise should be visible and acted upon.

Read more…

This report gives you a broad view of the present technology providers and their relative positions. The Magic Quadrant report positions technology players within a specific market. It brings together the major competing technology providers along with emerging, established and niche technology providers.

The evaluation criteria, along with the graphical representation, help one rapidly ascertain the technology providers and their performance in the technology.

>>Download The Report

Why Read This Report?

  • Learn About Market Definition/Description of SIEM

  • SIEM Product Landscape (Present Vendors)

  • Magic Quadrant for Security Information and Event Management

  • Vendor Strengths and Cautions

  • Inclusion and Exclusion Criteria

  • Evaluation Criteria

  • Completeness of Vision


Companies Covered: IBM, Splunk, LogRhythm, HPE, Intel Security, EMC (RSA), AlienVault, Micro Focus, Trustwave, SolarWinds, Fortinet (AccelOps), EventTracker, BlackStratus, ManageEngine

>>Download The Report

Read more…

Root cause analysis, investigation and forensic analysis of a crisis, together with the acquisition and retention of evidence and logs, are necessary from a legal point of view. Collection of evidence needs to be efficient so that the bank does not face any legal complexity during further investigation. The guidelines below need to be followed to avoid legal complexity.

Top 7 Things to do:

  • Every piece of affected electronic evidence will be preserved on an as-is basis, to ensure its integrity.
  • Any actions that may suggest tampering of evidence will be avoided.
  • Every action (including symptoms of the problem) pertaining to the evidence will be thoroughly and unambiguously documented. This ensures that the scope for challenging the data, by resorting to multiple interpretations, is reduced.
  • Decision makers will be intimated about the evidence available as soon as possible. This is important to avoid charges of fabrication of evidence.
  • Access to the evidence should be strictly controlled. This is important in order to substantiate the claim that the logs are tamper-proof.
  • Movement of evidence will be tracked. A detailed list of 15 individuals who control the evidence at any point will be maintained. The list will provide details with respect to date of receipt of the evidence, location where evidence is received, reason for handing over the evidence to the individual, period for which evidence is retained by the individual, etc.
  • Before shutting down the system containing the evidence, all data with respect to messages on the screen, memory contents, state of network connections, state of running processes will be noted provided it is absolutely necessary.

Things Not to Do:

The following mistakes are to be avoided when handling evidence:

  • Altering time and date stamps on evidence systems before recording them.
  • Terminating rogue processes.
  • Patching the system before investigators respond.
  • Not recording the commands executed on the system.
  • Using untrusted commands and binaries.
  • Writing over potential evidence by installing software on the hard drive.

>>Get the Complete Report on Crisis Management Plan (Banking Industry)

Read more…

4 Phases of Cyber Crisis Management

There are four phases in Cyber Crisis Management, namely Detection, Response, Containment & Recovery. Here is a glimpse of the four phases.

 

>>Get the Complete Report on Crisis Management Plan (Banking Industry)

Detection Phase:

Input to this phase comes both from external sources, such as a customer complaint, a regulator complaint, or any other third party, and from internal sources like the helpdesk team and the team engaged for the “Security Incident Management Procedure”.

Response / Containment / Recovery Phase:

Various activities which will be carried out by the respective stakeholders under this phase include:

a. Cyber Crisis Management Team (CCMT)

i. Chief Information Officer (CIO)

  • Coordinates the IT implementation efforts with the technology team within the bank and with the third parties who are maintaining or managing the IT infrastructure

ii. Chief Information Security Officer (CISO)

  • Coordinates the security controls evaluation and implementation efforts with the Information Security Team within the bank and with the third parties who are maintaining or managing the IT infrastructure
  • Coordinates with Business Heads and advises them on the situation

iii. Chief Risk Officer (CRO)

  • CRO will be directly involved in the Risk Assessment phases and give guidance to the CCMT during the crisis management

iv. Chief Financial Officer (CFO)

  • Provide the justified approval / guidance on the investments / expenses during the crisis situation
  • Monitor cost-to-benefit ratio for the efforts and IT / controls implementation

v. Chief Technology Officer (CTO) / Head (IT Infrastructure)

  • Engage with his team for isolating affected systems / restoring backups if necessary and all other infrastructure and application related operational issues

vi. Head (Legal) / Legal Counsel

  • Provide consultation on the legal standing of the bank during the Cyber security crisis situation
  • Provide consultation on the legal standing of the decisions taken by the Board members and/or CCMT
  • Provide legal support during the litigation or law suit

vii. Head (Corporate Communication) / Public Relations Officer (PRO)

  • Consult with the Board members and CCMT members on understanding the crisis and preparing an appropriate public response for the situation, if required
  • Work with the external parties and media on providing the bank’s stand on the Cyber crisis situation
  • Continuously provide internal communication and updates to employees on the current situation and appropriate steps to be taken by them

viii. Respective Business Heads

  • Continuously work with their respective teams to address the concerns and issues of the customers

>>Get the Complete Report on Crisis Management Plan (Banking Industry)

Read more…

Here is a brief summary of the Top 5 Enterprise Security Architecture Measurement Categories. This was earlier presented at SACON (India's only Security Architecture Conference) by Arnab Chattopadhyay, VP - Engineering @ Infoworks Inc & Bikash Barai, Co-Founder FireCompass.

Architecture Measurement Categories:

1 - Completeness:

  • Do we have all of the components?
  • Do they form an integrated system?

2 - Assurance:

  • Does the system run smoothly?
  • Are we assured that it is properly assembled?
  • Is the system fit-for-purpose?

3 - Compliance:

  • Do we maintain the system?
  • Do we follow the architecture roadmap?
  • Do we comply with the rules?

4 - Performance:

  • Is the system properly tuned?
  • Do the components work together?
  • Do we operate the system correctly?

5 - Justification & Significance:

  • Does the system have business value?

>>Click Here to see the full presentation 

Read more…

This article examines the field of security architecture from the point of view of security governance. It explains how security architecture governance can be created as a sub-field of security governance, and how the principles and structure of security governance can be applied to it to build an overarching security environment that is easy to understand, change, monitor and maintain. This report was built by Nidhi Agarwal & Arnab Chattopadhyay and was earlier touched upon at SACON (India's only Security Architecture Conference).

Here is a brief Executive Summary:

Situation:

  • Security architecture programs tend to focus heavily on technology, often neglecting the people, process and policies needed to manage the program.
  • Activities in the program are often planned as unrelated parts of specific problems to be delivered in a given time window, thereby losing the overarching view of the architecture and also losing the ability to confidently claim that the security objectives are met.
  • In many cases it seems like a daunting task and is often pushed back.

Problems:

This leads to several problems:

  • The security architecture team/security team doesn’t know whether it is supporting business goals.
  • The organization loses its sense of direction in terms of defining security priorities and initiatives.
  • Risk treatment becomes non-definitive.


Resolution:
  • To make security architecture development better managed, security architecture governance is a ‘must have’.
  • The security architecture governance process must be part of and in sync with an overarching security governance program.
  • The security architecture governance program must be customised to suit specific organisational needs.
  • Begin by defining the organisational pressures that shape and define the organisational security posture, and use best practice as a guide to determine what the security architecture program must include. This pressure is referred to as the ‘security pressure position’ in the rest of the document.
  • Conduct a gap analysis to identify the initiatives needed to reach the target state of security architecture posture.
  • Create an action plan and implement the project using industry best practices, tools, templates and using external expertise where

>>Click Here to Download the Complete Report

Read more…

The 2016 Trends in Cybersecurity report talks about the top 10 trends and stats that matter most to security and enterprise leaders. It's imperative to stay on top of security concerns in today's changing world.

What's in the Report? 

  • Study & Analysis of Exploits, 6000+ Vulnerabilities disclosed in 2016
  • Declining Java Exploits and other key trends
  • Consumer computers attacked 2X compared to enterprise
  • "Highly severe" vulnerabilities at a 3-year high

>> Download the Complete Report

How was this Report Made?

For 10 years, Microsoft has been studying and analysing the threat landscape of exploits, vulnerabilities and malware. We’ve used data gathered from more than 600 million computers worldwide to develop one of the most complete security data sets in the world. Our year-round research is then collected and published in The Microsoft Security Intelligence Report, a globally accredited, 160-page report that comprehensively addresses the security landscape. This year, in an effort to drive awareness of key insights and trends, we’ve also developed A Quick Guide to the Most Important Insights in Security, an abridged, to-the-point resource that readers can use to learn the important factors in the complex matrix of Cybersecurity.

Read more…

For years, enterprises and the security community have debated whether the cloud is more secure or less secure than the datacenter. Always a strawman argument, now that debate becomes moot. The cloud is here to stay. And the job now is to operationalize security across the datacenter and into the cloud architecture, fully covering evolving use cases and hybrid architectures along the way. We are moving towards IT architecture models that integrate all sorts of topologies from datacenter to cloud and everything in-between. IDC surveys reveal that more and more enterprises are maturing their cloud strategies toward optimization over the next two years. (See Figure 1). A cloud security model must be flexible enough to align with these highly distributed architectures across many service providers. In particular, a model should address software-as-a-service (SaaS) architectures which are the most prevalent and architecturally distinct new entrants into an IT architecture model.

Why Read the Report? 

  • Find the Guide to Cloud Security Strategy, with a SaaS Focus
  • Learn How to Assess Existing Security Solutions
  • Learn How to Architect the Cloud Application Security Model

>> Download the Complete Report

Read more…